OWASP Broken Web Applications v0.91rc1 available

The Open Web Application Security Project (OWASP) Broken Web Applications Project is distributed as a Virtual Machine in VMware format, compatible with VMware's no-cost VMware Player and VMware Server products (along with its commercial products).

Applications included

This project includes applications from various sources (listed in no particular order).

The various vulnerable web applications have some user accounts created and some content included. See ApplicationAccounts for details.

Management

Once booted, the VM can be administered via a few different mechanisms. Note, I don’t consider these components "in scope" for the vulnerabilities in the VM... they are just there to support management. Administrative interfaces:

SSH

Samba shares

Console login

PHPMyAdmin (at http://owaspbwa/phpmyadmin)

Tomcat Manager (at http://owaspbwa:8080/manager/html)

Vulnerabilities

Please review the Issues Page to see what people have already reported and feel free to submit some additional items for everyone’s benefit.

Installation

The VM requires no installation. Simply extract the files from the archive and then start the VM in a VMware product. Once the machine is booted, you can access it via the console, SSH, or Samba using:

USERNAME: root
PASSWORD: owaspbwa

Note:

The VM is entirely command line driven. X-Windows or other GUI systems have not been installed.

The VM can be downloaded as a .zip file or as a much smaller .7z 7-zip Archive. BOTH FILES CONTAIN THE EXACT SAME VM! Please download the .7z archive if possible to save bandwidth (and time).

Most importantly, the VM may not get an IP address from DHCP on boot up. If it does not, run dhclient.

The GPLv2 license for this project applies only to the custom modifications and code created for this project.